author | Andreas Eriksen <andreer@verizonmedia.com> | 2022-02-03 15:46:22 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-02-03 15:46:22 +0100 |
commit | 89d79239582499426478db60dd122d368d2010d9 (patch) | |
tree | ff116d585eff70b117498e00c43b77c6b02778ed | |
parent | 0d07d24049e67014e12cd3f534c94ee9b7e58ccc (diff) |
andreer/endpoint cert retry on null (#21052)
* retry when receiving "null" from secret store
* improve progress and error messages for endpoint certs
2 files changed, 5 insertions, 5 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidatorImpl.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidatorImpl.java
index 87e0a82fc0b..9bfd8f9d34e 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidatorImpl.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidatorImpl.java
@@ -36,7 +36,7 @@ public class EndpointCertificateValidatorImpl implements EndpointCertificateVali
 var pemEncodedEndpointCertificate = secretStore.getSecret(endpointCertificateMetadata.certName(), endpointCertificateMetadata.version());
 if (pemEncodedEndpointCertificate == null)
- throw new EndpointCertificateException(EndpointCertificateException.Type.VERIFICATION_FAILURE, "Secret store returned null for certificate");
+ throw new EndpointCertificateException(EndpointCertificateException.Type.CERT_NOT_AVAILABLE, "Secret store returned null for certificate");
 List<X509Certificate> x509CertificateList = X509CertificateUtils.certificateListFromPem(pemEncodedEndpointCertificate);
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunner.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunner.java
index 88e9e56ad8d..87aed4d91ed 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunner.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunner.java
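Review bot: In `EndpointCertificateValidatorImpl`, the `pemEncodedEndpointCertificate == null` branch now reports every null from the secret store as `CERT_NOT_AVAILABLE`, which the `InternalStepRunner` change in this commit retries until `timeouts.endpointCertificate()` has passed. If `secretStore.getSecret` can also return null for a permanent cause (a wrong cert name or version, or a read the controller is not allowed to make; not visible here, so this is an assumption), that case is now retried for the whole window instead of failing at once. The message gives no way to tell which secret was missing; consider `"Secret store returned null for certificate " + endpointCertificateMetadata.certName() + " version " + endpointCertificateMetadata.version()`, provided those identifiers are acceptable in the deployment log. The enclosing method starts and ends outside the hunk.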
@@ -247,9 +247,9 @@ public class InternalStepRunner implements StepRunner {
 ? Optional.of(deploymentFailed) : Optional.empty();
 switch (e.code()) {
 case CERTIFICATE_NOT_READY:
- logger.log("Waiting for certificate to become ready on config server: New application, or old one has expired");
+ logger.log("No valid CA signed certificate for app available to config server");
 if (startTime.plus(timeouts.endpointCertificate()).isBefore(controller.clock().instant())) {
- logger.log(WARNING, "Certificate did not become available on config server within (" + timeouts.endpointCertificate() + ")");
+ logger.log(WARNING, "CA signed certificate for app not available to config server within " + timeouts.endpointCertificate());
 return Optional.of(RunStatus.endpointCertificateTimeout);
 }
 return result;
@@ -280,9 +280,9 @@ public class InternalStepRunner implements StepRunner {
 switch (e.type()) {
 case CERT_NOT_AVAILABLE:
 // Same as CERTIFICATE_NOT_READY above, only from the controller
- logger.log("Waiting for certificate to become valid: new application, or old certificate has expired");
+ logger.log("Validating CA signed certificate requested for app: not yet available");
 if (startTime.plus(timeouts.endpointCertificate()).isBefore(controller.clock().instant())) {
- logger.log(WARNING, "Controller could not validate certificate within " +
+ logger.log(WARNING, "CA signed certificate for app not available within " +
 timeouts.endpointCertificate() + ": " + Exceptions.toMessageString(e));
 return Optional.of(RunStatus.endpointCertificateTimeout);
 } |
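Review bot: The new progress line in the `CERTIFICATE_NOT_READY` case, `"No valid CA signed certificate for app available to config server"`, no longer says that the step is waiting, so it reads in the job log like a final failure even though the branch still falls through to `return result` until the timeout check fires. Wording such as `logger.log("Waiting for CA signed certificate for app to become available to config server");` keeps the new terminology and the signal that the run is still in progress. The enclosing block starts outside the hunk, so what `result` means for the retry is inferred from the visible ternary only.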
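Review bot: In the `CERT_NOT_AVAILABLE` case the cause is attached only to the `WARNING` written at timeout (`Exceptions.toMessageString(e)`), so during the retry window the log cannot tell "Secret store returned null for certificate", which the validator change in this commit now routes here, from a certificate that has simply not been issued yet. Appending the cause to the progress line, `logger.log("Validating CA signed certificate requested for app: not yet available: " + Exceptions.toMessageString(e));`, would surface a secret-store problem on the first attempt; that is appropriate only as long as these exception messages never carry secret-store content. The `CERTIFICATE_NOT_READY` warning in the previous hunk omits the cause altogether, which leaves the two timeout messages inconsistent. The switch continues outside the hunk.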